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(57) Abstract 



The invention relates to a system (I) for electronic orders and payments by means of a communication network (6). such as a 
telephone network. A facilitating unit (2) comprising a voice response system (21) and a communication server (22) makes it possible, with 
the aid of simple subscriber equipment (8, 10) and a smart card (9), to order services and to effect electronic payments. The facilitating 
unit (2) is designed so as to be readily scalable and expandable. Preferably, it is also possible to revalue a smart card (9) by way of the 
system (1) of the invention. 
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System f r facilitating the ordering and paying of services by means of a 
communication netw rk. 

W A C.K GROUND OF THE INVENTION 

The invention relates to a system for remote electronic transactions, 
which system comprises a telecommunication network, such as a telephone 
network. The invention specifically relates to a system for providing electronic 

5 services, including financial transactions and identifications, and in which use 
is made of electronic payment means, such as so-called "smart cards" or "IC 
cards", and a communication network for transmitting payment data. 

Remote ordering with the aid of, e.g., a telephone is known per se. It . 
is possible, e.g., by telephone to order items from a mail-order firm. In this 

10 connection, however, the payment must take place later, upon delivery. This 
is experienced, both by the service provider (the mail-order firm) and the 
consumer (the ordering customer), as inconvenient, definitely in the event 
that the customer orders for someone else. 

Systems for electronic payment are also known per se. It is known, 

1 5 e.g., to carry out, with the aid of a remote computer (PC), financial 

transactions (".elebanking"). In this connection, the computer of th; customer 
is used as an aid for giving commands to the computer of the payment 
institution. The computer of the customer may also be used for identifying 
the user by means of, e.g., a PIN (Personal Identification Number). 

20 Furthermore, it is known to use card-shaped electronic payment means 

to pay electronically. Thus, telephone booths nowadays are usually equipped 
for paying by means of an electronic payment card. It should be noted that in 
this text the term "smart card" or "IC card" will be used to indicate electronic 
payment means comprising an integrated circuit having at least a memory, but 



WO 97/14124 



PCT/EP96/04402 



2 

preferably also a processor. Such electronic payment means, which usually are 
constituted by a card in which the integrated circuit is embedded, enable in 
most cases the storage of a balance representing a value (so-called "prepaid 
cards"), and often also allow an identification of the user. It should, however, 
be understood that payment cards having a magnetic strip for storing a 
balance and/or identification data (so-called magnetic stripe cards) are for 
many applications equivalent to smart cards. 

Existing systems for electronic payments make it possible to pay for 
certain services during use, e.g., in the event of the public telephone booth 
mentioned above, which may be activated by means of a card. It is often not 
possible, however, to securely pay for a number of different services in 
advance with the aid of an IC card and a telephone set. Moreover, in existing 
systems the option is lacking of revaluing the IC card in a remote manner, 
i.e., at the customer's premises. Furthermore, prior art systems do not allow 
an easy expansion of the systems as the demand for remote transactions 
increases. 

International patent application WO 94/11849/or example, discloses a 
system for effecting payments with the aid of mobile telephony (GSM). In the 
known system, the rights of the user are checked with the aid of the user card 
(SIM) and an identification code which is checked locally. The known system 
offers no previsions for applying payment cards such as so-called "prepaid 
cards". 

International Patent Application W092/21 1 lOdiscloses a system for the 
acquisition of services using a telephone set equipped with a smart card 
reader. The smart card is used to identify the user. This known system 
provides a coupling between the smart card of a user and the c mputer of a 
service provider, but does not comprise a specialized system for facilitating 
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rem te transactions. Also, this prior art system does not comprise means 
enabling a shortened transaction time. 

European Patent Application EP 0 590 861 discloses a method for credit 
or debit card authorization. An authorization code is given to a vendor if a 
5 card holder is authorized to incur the expense of a purchase. The vendor then 
charges the credit card company for the purchase using the authorization 
code. This prior art method does not offer the possibility of direct payment. 
The use of smart cards is not disclosed. 

European Patent Application EP 0 618 539 discloses a method for 
10 providing service using credit cards via a telephone network. There is no 
direct debiting or crediting of smart cards. 

European Patent Application EP 0 658 862 discloses a method and 
system for mediating transactions using smart cards. A smart card gateway 
serves as a mediator between the user and a service provider to obtain credit 
15 information. A credit bureau host is used to validate credit information. 

Smart cards are used in this prior art system for identification purposes only. 
There is no disclosure of direct payment by means of smart cards. 

European Patent Application EP 0,588,339and corresponding US 
Patent 5,396,558disclose a method and apparatus for the settlement of 
20 accounts by means of IC cards. The method uses secret and public keys and 
digital signatures to' protect the card data and to enable a direct exchange of 
data between card terminals. There is no disclosure of a system in which 
payment data are stored at a trusted third party. 



25 



SUMMARY OF THE INVENTION 

It is an object of the invention to eliminate the above-mentioned and 
other drawbacks of the prior art, and to provide a system which makes it 



WO 97/14124 



PCT>EP96/04402 



4 

possible to remotely pay for a plurality of different services with the aid of an 
electronic payment means, such as a smart card. It is also an object of the 
invention to provide a system which makes it possible, in a simple but reliable 
manner to remotely process electronic payments. It is a further object of the 
5 invention to provide a system which makes use of existing telecommunication 
means such as. e.g., the public telephone network. It is an additional object of 

the invention to provide a system which offers the option of revaluing remote / 

l 

smart cards. It is a yet further object of the invention to provide a system . j 
which offers the option of remote revaluation of a smart card and/or remote 

10 identification. It is a still further object of the present invention to provide a 
system for remote transactions which is scalable and readily expandable. 

To this end, the present invention provides a system for electronic 
remote services, such as financial services, comprising a communication 
network, a facilitating unit coupled with both the network and one or more 

15 support units, a terminal coupled to the communication network, a service 

unit coupled to the communication network, the terminal being provided with 
means for exchanging information with a payment means. 

The said facilitating unit for enabling services by providing 
communication routes between a usei terminal, a service unit and support 

20 units, preferably comprises a voice response system and a communication 

server mutually connected by a control link and a data link, the voice response 
unit being arranged for handling a service request and passing the request to 
the communication server via the control link, the communication server 
being arranged for setting up, in response to the service request, a 

25 communication route from the voice response system via the data link and the 
communication server to a support unit. 

With the aid of such a system, it is possible for a user, by way of his 
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terminal and the communication network, to establish a direct communication 
route with the facilitating unit, after which the facilitating unit contacts the 
service unit of a service provider and the transaction unit of the system 
respectively. In this manner, a service may be ordered and, by way of the 
transaction unit in combination with the smart card, be paid directly and in a 
remote manner. Moreover, it is possible with such a system to remotely 
revalue smart cards in the event that the system is also provided with a 
revaluation unit coupled to the facilitating unit. Furthermore, it is possible to 
identify a card user if the system is also provided with an identification unit 
coupled to the facilitating unit. 

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention will be further explained below with reference to the 
drawings, in which: 

Fig. 1 diagrammatically shows an embodiment of a system according to 

the invention for electronically carrying out financial transactions 

and ordering services, 
Fig. 2 diagrammatically shows the facilitating unit and associated parts 

of the system of Fig. 1, 
Fig. 3 diagrammatically shows the processes of the facilitating unit of 

Fig. 2, 

Fig. 4 diagrammatically shows an example of a resource table as used in 

the facilitating unit of Figs. 2 and 3, 
Fig. 5 diagrammatically shows the exchange of messages between the 

constituent parts of a remote payment system in accordance with 

the invention. 
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EXEMPLARY EMBODIMENTS 

The system 1 sh wn in Fig. 1 by way of example comprises a 
facilitating unit 2 coupled with three support units, i.e. a transaction unit 3, a 
revaluation unit 4 and an expansion unit 5, by means of communication links 
13, 14 and 15 respectively. The facilitating unit 2 is connected with a 
communication network 6 via a communication link 16. A service unit 7 and a 
terminal 8 are connected with the communication network 6 by means of 
communication links 1 7 and 1 8 respectively. It will be understood that in 
practice a plurality of terminals 8 and service units 7 may be coupled to the 
communication network 6 by means of a plurality of parallel communication 
links 1 7 and 1 8 respectively. 

The communication network 6, which provides the communication 
between a consumer (via a terminal 8).. a service provider (via a service unit 7) 
and the transaction, revaluation and expansion units 3, 4 and 5 respectively 
(via the facilitating unit 2), is preferably constituted by a fixed telephone 
network (PSTN). It will be understood, however, that the communication 
network 6 may just as well comprise a mobile communication network, such 
as e.g. a GSM or DECT network; or another fixed communication network, 
such as an ISDN network. In the example shown, the communication links 16 
through 18, and also communication link 24, are telephone lines. 
. ■ . The terminal 8 of a consumer (user) may be constituted by an ordinary 
telephone set, but possibly also by a mobile telephone, an ISDN set or, 
possibly, a fax machine. The terminal 8 is provided with (internal or external) 
interface means 10 for exchanging data with an electronic payment means 9, 
such as a smart card, provided with an integrated circuit for storing and 
pr cessing payment and/or identification data. A terminal 8 may be used 
which is especially equipped for carrying out electronic payment transactions 
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and which, to this end, comprises a smart card reader/writer. Atfdrdinary 
telephone set, however, may be advantageously applied in combination with a 
device as described in International Patent Application PCT/EP96/01739Such 
a device (acting as interface means 10) provides a transparant interface 
5 between a smart card and a telephone set, converting electrical smart card 

signals into pcoustical ones and vice versa without altering the transferred data 
proper. The transparant interface provides a transparant path between the 
smart card and (the security module of) a transaction unit, as will later be 
explained in more detail. A suitable interface 1 0 may also be connected in the 

10 communication link 18 and thus be electrically connected with the terminal 8. 

The service unit 7 preferably comprises a speech generating response 
unit ("voice response system"), which may be controlled by DTMF tones 
generated by either the user's terminal or by the response unit itself. The 
service provider's response unit may be constituted by a suitably programmed 

1 5 computer. The service unit 7, however, may also consist of a further terminal, 
such as a telephone set, and a data processing device, such as a personal 
computer which is controlled by a human operator. The service unit 7 may be 
* i - equipped for rendering services at a charge^ such as, e.g., delivering foods or 
booking transportation, but also financial services such as remitting money. 

20 Although the service unit 7 is shown to be connected with the facilitating unit 
2 through the network 6, alternative embodiments may be envisaged in which 
a service unit 7 is coupled directly with the voice response system 2 1 of the 
facilitating unit 2. 

In the example shown, the facilitating unit 2 facilitates services by 

25 providing a (preferably transparent) intermediary between: (a) the terminal 8 
and the smart card 9 of a consumer, (b) the service unit 7 of a service 
provider, and (c) the transaction unit 3 which enables the payment of services 
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offered. Additidnally, the facilitating unit 2 can act as a (preferably 
transparent) intermediary between e.g. a smart card 9 of a consumer and a 
revaluation unit 4 in order to provide financial services. 

The facilitating unit 2 consists of at least one voice response system 2 1 
and at least one communication server 22. These two constituent components 
of the facilitating unit 2 are mutually connected by means of a control link 23 
and a data link 24. As will be explained later in more detail, the control link 
23 and the data link 24 may comprise a communication network (e.g. PSTN, 
ISDN or X.25). The transaction unit 3, the revaluation unit 4 and the 
expansion unit S are connected with the communication server 22 of the 
facilitating unit 2 through communication links 13, 14 and 15 respectively. 
The communication links 13, 14 and IS may be transmission lines, but may 
also comprise suitable networks. 

The system of Fig. 1 may be applied as follows (it will be assumed that 
the terminal 8 is an ordinary telephone set and that the consumer in question 
disposes of an interface or transfer device 10 according to International Patent 
Application PCT/EP96/0173?or coupling the smart card 9 and the telephone 
set 8). The consumer uses the terminal (telephone set) 8 to set up a 
connection wiJi the voice response system 21 of the facilitating unit 2 in a 
conventional manner. The consumer chooses a certain service, either by using 
a (telephone) number related to that service, or (in the event of a common 
number for several services) by entering supplementary numbers on the 
terminal 8, possibly in reply to questions posed by the voice response system 
21. Subsequently the voice response system 21, by way of the network 6, 
makes a connection with the service unit 7 of the service provider in question. 



In this connection, the voice response system 21 may output some 
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(cryptographically protected) identification information in order !o mutually 
identify the voic response system 2 1 and the service units 7. 

The consumer orders his service (or product), whereupon the service 
unit 7 of the service provider produces a series of DTMF tones which is 
5 representative of the service and the costs thereof. Alternatively, the service 
unit 7 uses another protocol to exchange control information. The voice 
response system 2 1 then places the service provider in the waiting mode and 
gives the consumer instructions with respect to the payment. Substantially at 
the same time, the voice response system 2 1 establishes through the 

10 communication server 22 a connection with the transaction unit 3. In order to 
control the switching process in the communication server 22, the voice::, 
response system 21 subsequently sends commands to the server 22 via link 23. 

The consumer starts the payment process by pressing a certain key 
(e.g., "*") on his telephone set (terminal) 8 or on his transfer (interface) 

15 device 10. Which key must be pressed may have been communicated to the 
consumer by the voice response system 21. Another key (e.g., "#") may serve 
to discontinue the transaction. In the event that the payment process does take 
place, the subscriber line of the consumer is connected through to the 
transaction unit 3. The consumer places his payment means 9 (smart card) ir 

20 the device 10 in question and holds this device 10 against (the handset of) the 
telephone set 8. Subsequently, he presses a key of the device 10, whereupon 
the card 9 and (a security module 31 of) the transaction unit 3 proceed to 
exchange payment information. Such a device 10 is preferably provided with a 
display screen on which the status of the payment transaction is shown. 

25 After the payment has been effected, the consumer receives an (e.g., 

acoustic) signal indicating that the transaction is completed and that a new 
transaction, if any, may b started. To this nd, the service provider receives 



WO 97/14124 



PCT/EP96/04402 



10 

a feedback froni the voice response system. The voice response system 21 may 
invite the consumer, to choose other services with the aid of DTMF tones. 

The system 1 of the present invention thus provides a transparant end- 
to-end path between the smart card (9 in Fig. 1) and a security module ("SAT, 
S 31 in Fig. 1) for exchanging payment information. Alternatively, the system 1 
provides a (preferably transparant) path between the smart card 9 and the 
revaluation unit 4 (for increasing the balance of the card 9) or the expansion 
unit 5 (for providing additional services, such as user identification). The 
system 1 also provides a (voice) connection between the user's terminal 8 and 
10 the service provider's service unit 7. 

The structure of the facilitating unit 2 will now be explained in more 
detail with reference to Fig. 2. 

In the embodiment shown in Fig. 2, the voice response system 21 
comprises two switches 211 and 2 12, at least one voice response unit 213 
15 (denoted as "VRU") in Fig. 2) and a control unit 214. The first switch 21 1 is 
coupled with a network, e.g. the network 6 of Fig. 1 , via a communication 
link 16. As shown in Fig. 2, the link 16 may consist of a plurality of sub-links, 
*. e.g: individual telephone lines. The first switch 2 1 1 connects an incoming call 

with an available voice response unit 213. Preferably, the voice response 
20 system 21 comprises a plurality of voice response units 213, e.g; ten or twenty. 
The second switch 212 is also coupled with the voice response units 213 in 
order to connect such a unit with the communication server 22 through the 
data link 24. Data link 24, which is used to exchange data messages (data 
signals), is shown in Fig. 2 as comprising a separate network rather than 
25 consisting of -a mere transmission line. However, a direct connection between 
the switch 2 12 and the first interface 222 of the communication server 22 is 
also possible. It should be noted that the network constituting the data link 24 
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may be a PSTN network, and that this network may be identical \6 the 
network 6 of Fig. 1. 

The voice response system 21 of Fig. 2 further comprises a control unit 
214, which may comprise a microprocessor system, such as a personal 
5 computer. The control unit 2 14 is connected with the voice response units 213 
and with control link 23. The control link 23 is shown in Fig. 2 as comprising 
a separate network, such as a local area network (LAN), for passing control 
messages (control signals) to and from the communication server 22. This 
enables the voice response system 21 and the communication server 22 to be 

10 at different locations, and to interconnect a plurality of voice response systems 
21 and a plurality of communication servers 22. However, a direct connection 
between the control system 2 14 and the second interface 223 of the 
communication server 22 is also possible. 

It should be noted that alternative embodiments are possible in which 

15 the voice response system 21 is much simpler and merely gives an attention 
signal, after which the system switches to transparant mode and provides a 
connection with the server 22. 

The communication server 22 comprises a processor system 221, a first 
interface 222 (preferably comprising at least one modem), a second interface 

20 223 and a third interface 224. The processor system 221 may consist of a 

commercially available microcomputer system having a microprocessor and a 
memory, using e.g. the UNIX operating system. The processor system 221 
interfaces with the control link 23 via the second interface 223. Similary, the 
processor system 221 interfaces with the data link 24 via the modems of the 

25 first interface 222. As stated before, the data link 24 preferably comprises a 
telephone network (PSTN), in which case modems are used to convert the 
data into the appropriate formats. However, in case the data link 24 is 
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constituted by a 1 data network, the modems 222 may be replaced by an ther 
suitable interface or may possibly be omitted. 

In Fig. 2, the communication link 14 comprises a data network, such as 
a network based on the ITU X.25 recommendation. The third interface 224 
5 provides an appropriate coupling between the processor system 221 and the 
data network 14. It will be understood that the revaluation unit 4 may 
comprise an internal interface (not shown). 

A transaction unit 3, connected with the processor system 221 via 
communication link 1 3, comprises at least one security module 3 1 (denoted as 

10 M SM M ) for securely storing transaction data. Such security modules are 

preferably mounted detachably in the transaction unit 3 and are protected 
against unauthorised access. An example of the use of a security module and 
of the associated exchange of messages is described in European Patent 
Application EP 0 637 004. 

15 For the purpose of the authentication of users (consumers) on the basis 

of payment means 9, the transaction unit 3 is provided with authentication 
means. To this end, the transaction unit 3 may comprise a data file containing 
key data, including e.g. master keys and/or diversified keys, and possibly also 
encryption programs. Although a transaction unit may comprise a separate 

20 processor and memory for e.g. performing cryptographic operations and for 
securely storing data in memory means (e.g. hard discs) associated with the 
processor, such a unit may in its simplest form be constituted by a card 
reader/writer in which a security module card is inserted. Such a card is 
similar to a regular smart card, the integrated circuit being designed for 

25 securely storing transaction data. 

In Fig. 2, two transactions units 3 labelled A and B are shown by way 
of example. Similarly, two revaluation units 4 labelled A and B are shown. It 
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will be understood that the number of transaction units 3 and revaluation 
units 4 which can be connected with the facilitating unit 2 is only limited by 
the processing power of the processor system 221. If necessary, additional 
communication servers 22 can be added. 

The facilitating unit 2 is thus easily scalable (increasing the number of 
communication links 16) and expandable (increasing the number of 
communication servers 22). 

The revaluation units 4 are shown in Figs. 1 and 2 as separate units, 
but may be integrated in the transaction units 3. A revaluation unit 4 
comprises means for increasing the balance of a smart card. Such means for 
increasing a balance may comprise a processor system (e.g. a PC) running 
suitable software. During the revaluation, the revaluation unit 4 exchanges 

data by way of the facilitating unit 2, the communication network 6, the 

_ 

terminal 8 and the interface device 10, with the payment means 9, preferably 
by means of a security protocol. 

The operation of the facilitating unit 2 will further be explained with 
reference to Fig. 3. 

Fig. 3 schematically shows the functionalities of the communication 
server 22. The main process 200 running in the processo; system 221 of Fig: 2 
comprises three parts: a session manager 201, processes 202 and resource 
tables 203. The session manager 201 exchanges control* information with the 
voice response system 21 via the second interface 223. In response to an 
appropriate request, the session manager 201 checks the resource tables 203 in 
order to determine whether a new process can be initiated. If this is possible, 
a new process 202 is created. This is indicated in the resource tables 203, as 
will later be explained with reference to Fig. 4. 

Each process 202 exchanges data with the voice response system 2 1 via 



WO 97/14124 



PCT/EP96/04402 



14 

a modem 222. A modem 222 may b assigned to a certain process by means of 
the resource tables 203. Depending on the particular transaction requested by 
the consumer, a process 202 interacts with e.g. the revaluation unit 4 or the 
transaction unit 3. 

S As will be understood from the above, the facilitating unit 2 operates in 

two phases: a control phase and a data phase. In the control phase, a 
connection is set up, while in the data phase, a (transparant) message exchange 
takes place. 

Fig. 4 shows an exemplary embodiment of a resource table 203. The 

10 table comprises several columns, a first column being labelled "Type". In this 
column, the type of a resource is indicated, e.g. processes, transaction units, 
revaluation units, expansion units, modems, etc. The number of types may be 
increased as needs arise. Each type comprises a group of items, each item 
having a reference number. 

15 The second column of table 203 is labelled "Item" and provides a list of 

the resources of each type. In the case of transaction units, a further 
subdivision is made as each transaction unit may comprise more than one 
security module (SM). . . % . t . . 

The last column of the table 203 indicates whether the resource is 

20 available ("F" « "free") or not ("U" = "used"). The resource table, and in 
particular its last column, is regularly updated by the session manager, e.g. 
each time a new process 202 is started and terminated. The session manager 
201 scans the resource table before starting a new process 202 in order to 
determine whether the resources necessary can be allocated to the new 

25 process. 

In the example shown, the shaded areas indicate that devaluation 
process #5, transaction unit B, security module #2 (of transaction unit B) and 



WO 97/14124 



PCT/EP96/04402 



15 

modem B are claimed for a devaluation process (some other* resources may be 
claimed for other processes). The devaluation process claiming said resources 
is a process 202 as depicted in Fig. 3. The process is initiated by the session 
manager 201 in response to a service request from the voice response system 
5 21. When the devaluation process 202 in question is terminated, the resources 
claimed are returned to the pool of available resources. This will be indicated 
in table 203 by setting the corresponding entries in the last column to "F" 
(free). 

In Fig. 5, the exchange of card data (commands and data sent to the IC 

10 card and their responses) between an IC card on the one hand and a security 
module of a transaction unit on the other hand is schematically represented. 
The IC card may correspond with the card 9 of Fig. 1 , the transfer device 
may correspond with the interface device 10 of Fig. 1, the transaction unit 
may be the unit 3 of Fig. 1, and the security module may correspond with the 

15 Security Module (SM) 31 in Fig. 1. 

In accordance with a further aspect of the present invention, a 
distinction is made between two levels of card commands exchange. Between 
the IC card and the transfer device, a low level exchange takes place: the 
actual card commands and card data are sent :o and received from the card. 

20 As this exchange is performed using electrical signals wirhin the transfer 

device 10, the exchange can have a high data rate. Between the transfer device 
and the transaction unit, however, an acoustic path is present (between the 
device 10 and the handset of the terminal 8). This section of the connection 
between IC card and security module usually has a limited transmission speed. 

25 For this reason, in this section a high level exchange takes place in which 
several low level commands are grouped together and are replaced with a 
single high level command. In this way, the transmission time required for a 
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transaction can be significantly reduced. However, the content of the 
information transferred is not changed. This will further be explained with 
reference to Fig. 5. 

As is shown in Fig. 5, the transaction unit 3 may issue a high level 
5 command (indicated by H). In response to the receipt of this single high level 
command, the transfer device exchanges several low lev^l commands 
(indicated by L) with the IC card 9. The result of this exchange is sent by the 
transfer device to the transaction unit as a single high level command (H). 
Subsequently, this high level command results in the exchange of several low 

10 level commands (L) between the transaction unit and the security module. 

Each high level command (H) thus represents a routine comprising a plurality 
(e.g. five of ten) low level commands (L). Preferably, the high level 
commands are optimized for efficiency by e.g. having each commonly used 
routine represented by a single high level command. 

1 5 Preferably, the transfer device supports two different modes of data 

exchange. In a first mode (indicated by Mode I in Fig. 5) the transfer device 
operates as described above: a high level command represents several low 
level commands. In a second mode (indicated by Mode II in Fig. 5) a single 
low level command (L) is sent as a high level command (H*) to the transfer 

20 device, which passes the command as a low level command to the IC card. 
The resulting low level command (L) produced by the card is again sent by 
the transfer device to the transaction unit as a high level command (H*), 
which subsequently converts the command back into a low level command 
(L). It will be understood that the high level commands H* merely convey low 

25 level commands (L). That is, the high level commands H* may e.g. consist of 
a low level command plus an appropriate header. In this way, low level 
commands may be transparently passed to the IC card while using the 
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structure and/or data protocol of the high level commands. This transparant 
passing has the advantage that low level commands may be used for which no 
high level command is available, i.e. which cannot be grouped in an existing 
high level command. This is especially advantageous as the introduction of an 
5 IC card with one or more new commands does not necessitate an upgrade of 
the software of the transfer device. 

Preferably, the transfer device, as well as the transaction unit, is 
capable of shifting back and forth between Mode I and Mode II, so that high 
level commands (H) representing a number of low level commands may be 
10 interspersed with high level commands (H*) merely conveying a single low 
level command. 

All high level messages are passed directly to an application, e.g. the 
revalue and devalue processes shown in Fig. 3. The system of the present 
invention thus provides a high degree of transparancy with respect to the 
15 messages exchanged between the smart card 9 and the applications. 

The message exchange of Fig. 5 will now be explained in greater detail; 
using a devaluation of the smart card (i.e. a payment) as an example. 

The Jxansnction unit 3, which handles card devaluations, issues a high 
level command H, = DEVALU(2.00, R), where 2.00 is the amount which is 
20 to be deducted from the card and R is a random number which serves to 

securely identify the transaction and thus to prevent fraudulent replay^ This 
high level command H 1s which itself may have a length of only several bytes, 
causes the transfer device 10 to exchange a series of low level messages 1^ - 
L 10 with the card 9. Such messages are e.g.: 
25 L,: select purse ( <- ) 

L 2 : done ( -> ) 

L 3 : select application ( <- ) 
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L 4 : .done ( -> ) 

L 5 : present value (2.00) ( <- ) 

L 6 : done ( -> ) 

hy: present random (R) ( <- ) 

S L 8 : done ( -> ) 

L g : calculate response ( <- ) 

L 10 : response = W ( -> ) 

The arrows indicate the direction of a message: from the transfer device to 
the card ( <- ) and from the card to the transfer device ( -> ). W is the value 
10 of the calculated response. As can be seen, the actual data (2.00 and R) of the 
high level command H<, are not altered by the low level commands L 5 and L 7 . 

After receiving the response W in low level message L 10 , the transfer 
device sends a high level message H 2 = RESPON(W) to the transaction unit. 
The actual value of W is not altered by the transfer device. 
1 5 After receiving the high level response message H 2 , the transaction unit 

starts an exchange of low level messages L 10 - L 20 with the security module: 

L n : select SM revalue ( -> ) 

L 12 : OK (<-) 

L 13 : piesent value (2.00) ( -> ) 
20 L 14 : OK ..(<-) 

L 16 : present random (R) (-> ) ., 

L 16 : OK (<- ) 

L 17 : present response (W) ( -> ) 

L 18 :OK (<-) 
25 L 19 : calculate X?? ( -> ) 

L 20 : OK ( <- ) 

The arrows indicate the direction of a message: from the transaction unit to 



WO 97/14124 PCT/EP96/04402 

19 

the security module ( -> ) and from the security module to the transaction unit 

( <- )• 

As stated above, the actual content of the messages (the value, the 
random R and the response W) is transparently transferred, while the length 
of the messages exchanged between the transaction unit and the transfer 
device is significantly reduced. 

The use of mixed low level and high level commands will now be 
explained, still referring to Fig. 5. For the sake of the example, it will be 
assumed that the syntax of the instruction "calculate response" is changed in a 
new release of the smart card. In the example given above, the low level 
message L 9 will consequently produce an error message L 10 : "unknown , 
instruction". This message L 10 will then be transparantly passed to the 
transaction unit, which may in return produce an appropriate instruction and 
send this command to the transfer device as high level command H 3 . The 
transfer device subsequently transfers the command H # 3 as low level 
command L 22 to the card, which then produces the proper response W. The' 
response W is then sent to the security module as commands L 23 , H* 4 and 
L 24 . 

In this way, only i single low level command is necessary to remedy tie 
use of an incorrect (e.g. outdated) command. Still, a significant saving in the 
amount of commands transferred over the network (6 in Fig. 1) is maintained, 
and thus a significant saving in transmission time is achieved. 

Although the system 1 of Figs. 1-3 is preferably applied in combination j 
with smart cards having a prepaid balance (so-called "prepaid cards"), which 

balance is reduced during a payment, the system may also be applied with I 

I 

payment means which serve exclusively for identification, and in which 1 
payments are debited to an account. Such payment means may also be 
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constituted by so-called magnetic stripe cards. Furthermore, the system of the 
invention is not substantially changed if magnetic stripe cards are used instead 
of smart cards, e.g. as prepaid cards storing balances. 

It will thus be understood by those skilled in the art that the invention 
is not limited to the embodiments shown, and that many modifications and 
additions are possible without departing from the scope of the invention. 
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CLAIMS 

1. Facilitating unit (2) for enabling services by providing c mmunication 
routes between a user terminal (8), a service unit (7) and support units (3, 4, 
5), the facilitating unit (2) comprising a voice response system (21) and a 
communication server (22) mutually connected by a control link (2 3) and a 
data link (24), the voice response unit (21) being arranged for handling a 
service request and passing the request to the communication server (22) via 
the control link (23), the communication server (22) being arranged for setting 
up, in response to the service request, a communication route from the voice 
response system (21) via the data link and the communication server (22) to a 
support unit (e.g. 3). 

2. Facilitating unit (2) according to claim 1, comprising a plurality of 
voice response systems (21). 

3. Facilitating unit (2) according to claim 1 or 2, comprising a plurality of 
communication servers (22). 

4. Facilitating unit according to any of the preceding claims, wherein a 
voice response system (21) comprises one or more voice response units (2 13), a 
first switch (211 )for routing an incoming call to a voice response unit (2 13), a 
second switcL (212)for routing an incoming call to the communication server 
(22), and a control unit (214)for controlling the voice response units (213)and 
for passing control signals to the communication server (22). 

5. Facilit2ftng unit (2) according to any of the preceding claims, wherein 
the communication server (22) comprises a processor system (221), a first 
interface (222)for exchanging data signals and a second interface (223)for 
exchanging control signals with the voice response system (2 1 ). 

6. Facilitating unit (2) according to claim 5, wherein the first interface 
(222)comprises at least one modem. 
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7. Facilitating unit (2) according to claim 5 or 6, wherein the 

c mmunicati n server (22) further comprises a third interface (224)for 
exchanging data signals with a support unit (4) via a data network (14). 

8. Facilitating unit (2) according to claim 5, 6 or 7, wherein the processor 
S system (221)of the communication server (22) is arranged for providing a 

session manager (201) which starts new processes (202)providing 
communication routes in response to information stored in resource tables 
(203). 

9. Facilitating unit (2) according to claim 8, wherein a resource table (203) 
10 comprises a list of available processes (202), support units (3, 4, S) and 

interfaces (e.g. 222). 

10. Facilitating unit (2) according to claim 9, wherein an expandable 
resource table (203)allows resources to be added without changing the session 
manager (201). 

15 11. System (1) for electronic financial services, comprising a 

communication network (6), a facilitating unit (2) according to any of the 
preceding claims and coupled with the network (6) and one or more support 
units (3, 4, 5), a terminal (8) coupled to the communication network, a service 
unit (7) coupled to the communication network, the terminal (8) being 

20 provided with means (10) for exchanging information with a payment means 
(9). , 
12. System according to claim 11, wherein a support unit is a transaction 
unit (3) comprising at least one security module (31) for storing transaction 
data. 

25 13. System according to claim 11 or 12, wherein a support unit is a 
revaluation unit (4) for revaluing smart cards (9). 

14. System according to claim 13, further provided with a data network 
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(14) for exchanging transaction data between the facilitating unit (2) and the 
revaluation unit (4). 

15. System according to any of the claims 11 through 14, in which the 
interface device (10) is arranged for communicating with a support unit (3, 4, 
5) on a first level and with the IC card (9) on a second level, each level 
involving a different data rate. 

16. System according to claim 15, in which a command of the first level 
(H*) comprises a single command of the second level (L). 

17. System according to claim 14 or 15, in which a command of the first 
level (H) represents one or more commands of the second level (L). 

18. System according to any of the claims 1 1 through 17, wherein the 
communication network (6) comprises a fixed telephone network. 

19* System according to any of the claims 1 1 through 17, wherein the 
communication network (6) comprises a mobile telephone network. 
20. Financial transaction, carried out with the aid of a system (1) according 
to any of the claims 1 1 through 19. 
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